| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS console. |
| asterisk allows calls on prohibited networks |
| Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments. |
| An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them. |
| mIRC before 6.35 allows attackers to cause a denial of service (crash) via a long nickname. |
| A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling. |
| FireGPG before 0.6 handle user’s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users’s private key. |
| frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability by running arbitrary code as another user. |
| Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0. |
| viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option. |
| A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN (Windows Native) Version 3.2.2 build 2007-02-20. |
| archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition. |
| There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. |
| I race condition in Temp files was found in gs-gpl before 8.56 addons scripts. |
| Zoo 2.10 has Directory traversal |
| Integer overflow in the new[] operator in gcc before 4.8.0 allows attackers to have unspecified impacts. |
| TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling. |
| Transient DOS while parsing ESP IE from beacon/probe response frame. |
| Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime. |
| Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report. |
